upgrade to most recent bluemonday (#11007)
* upgrade to most recent bluemonday * make vendor * update tests for bluemonday * update tests for bluemonday * update tests for bluemonday
This commit is contained in:
techknowlogick
+4
@@ -6,6 +6,10 @@ Third-party patches are essential for keeping bluemonday secure and offering the
|
||||
|
||||
* Make sure you have a [Github account](https://github.com/signup/free)
|
||||
|
||||
## Guidelines
|
||||
|
||||
1. Do not vendor dependencies. As a security package, were we to vendor dependencies the projects that then vendor bluemonday may not receive the latest security updates to the dependencies. By not vendoring dependencies the project that implements bluemonday will vendor the latest version of any dependent packages. Vendoring is a project problem, not a package problem. bluemonday will be tested against the latest version of dependencies periodically and during any PR/merge.
|
||||
|
||||
## Submitting an Issue
|
||||
|
||||
* Submit a ticket for your issue, assuming one does not already exist
|
||||
|
||||
Reference in New Issue
Block a user